PingFederate - How to authenticate Salted MD5 Hash Password?

Question

Can anyone point me to how PingFederate can authenticate accounts with salted MD5 hash passwords?

Thanks.

Answer 1

The use case you're after isn't totally clear - but I'm going to assume you are acting as an Identity Provider (IdP) with PingFederate and you have accounts stored in some system / database that have their passwords MD5 hashed (with a salt).

Depending on the version of PingFederate being used you may need a custom IdP Adapter (pre-6.6) or a custom Password Credentials Validator (6.6 and up). The PingFederate SDK has Javadocs that describe the API's required along with sample code. Your custom adapter/PCV will be some Java code that looks up the user's account, MD5-salt-hashes the incoming password and compares that result with the stored account. If it's a match, the custom code will return a status code that indicates so.

You will of course then need your SP connection(s) then configured to use this IdP Adapter / PCV (within the HTML or HTTP Basic auth adapter).